The App Store's in-app purchases security has been breached. A Russian hacker has found a…
Read more Read more

So far, Apple has issued a takedown request of the original server, had the YouTube instruction video pulled, and had PayPal remove the donation account Borodin had set up. But Borodin has moved his servers offshore, and improved the hack to not use Apple's servers, as you can see in the flow chart above.

"The security of the App Store is incredibly important to us and the developer community," Apple representative Natalie Harrison said. "We take reports of fraudulent activity very seriously and we are investigating."

You can follow the ongoing back and forth at the Borodin's site, In-Appstore. He raised a little money to keep hosting running for a month, and he seems committed to keeping the whack-a-hack with Apple going as long as he can sustain it. [In-Appstore via TNW via MacRumors, The Loop]